BridgeInsight: An asset profiler for penetration testing in a heterogeneous maritime bridge environment

Maritime Technology and Research Pub Date : 2023-09-21 DOI:10.33175/mtr.2024.266818

Avanthika Vineetha Harish, Kimberly Tam, Kevin Jones

{"title":"BridgeInsight: An asset profiler for penetration testing in a heterogeneous maritime bridge environment","authors":"Avanthika Vineetha Harish, Kimberly Tam, Kevin Jones","doi":"10.33175/mtr.2024.266818","DOIUrl":null,"url":null,"abstract":"A maritime bridge environment is a heterogeneous ecosystem of complex systems for various operations. As part of new requirements set by the International Association of Classification Societies, ship operators must now maintain an asset inventory aboard vessels specifically to improve their cyber security. This paper discusses the development of a ship-specific asset profiler that will not only identify and record the devices present automatically but also provide an in-depth analysis of their properties and characteristics in an intelligent and user-friendly manner. As cyberattacks increase in the maritime industry, proper testing of ship systems is essential, to ensure vessels remain secure and the risk of a cyberattack is minimized. An asset profiler for the bridge environment would serve as a tool for profiling the devices, helping personnel make faster and well-informed decisions, and could be a component of a wider audit framework. This paper presents a ship bridge profiler (i.e., BridgeInsight) used to identify all devices on the bridge of a vessel automatically and which provides information on them using a generated PDF report that consists of graphs and charts. To do this, it uses the Random Forest classifier algorithm, and the information it provides will enable the auditor or pen tester to perform manual testing or automate audits, while also providing comprehensive information that engineers and mariners can use to comply with regulations. Highlights As part of new requirements set by the International Association of Classification Societies, ship operators must now maintain asset inventory aboard vessels specifically to improve their cyber security. This paper presents a ship bridge profiler (i.e., BridgeInsight) used to identify all devices on the bridge of a vessel automatically. We envision automated asset detection and classification to have even more benefit in future cyber security work, as penetration testing.","PeriodicalId":489022,"journal":{"name":"Maritime Technology and Research","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Maritime Technology and Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.33175/mtr.2024.266818","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

A maritime bridge environment is a heterogeneous ecosystem of complex systems for various operations. As part of new requirements set by the International Association of Classification Societies, ship operators must now maintain an asset inventory aboard vessels specifically to improve their cyber security. This paper discusses the development of a ship-specific asset profiler that will not only identify and record the devices present automatically but also provide an in-depth analysis of their properties and characteristics in an intelligent and user-friendly manner. As cyberattacks increase in the maritime industry, proper testing of ship systems is essential, to ensure vessels remain secure and the risk of a cyberattack is minimized. An asset profiler for the bridge environment would serve as a tool for profiling the devices, helping personnel make faster and well-informed decisions, and could be a component of a wider audit framework. This paper presents a ship bridge profiler (i.e., BridgeInsight) used to identify all devices on the bridge of a vessel automatically and which provides information on them using a generated PDF report that consists of graphs and charts. To do this, it uses the Random Forest classifier algorithm, and the information it provides will enable the auditor or pen tester to perform manual testing or automate audits, while also providing comprehensive information that engineers and mariners can use to comply with regulations. Highlights As part of new requirements set by the International Association of Classification Societies, ship operators must now maintain asset inventory aboard vessels specifically to improve their cyber security. This paper presents a ship bridge profiler (i.e., BridgeInsight) used to identify all devices on the bridge of a vessel automatically. We envision automated asset detection and classification to have even more benefit in future cyber security work, as penetration testing.

查看原文本刊更多论文

BridgeInsight:在异构海上桥梁环境中进行渗透测试的资产分析器

海上桥梁环境是一个由各种操作的复杂系统组成的异质生态系统。作为国际船级社协会(International Association of Classification Societies)新要求的一部分，船舶运营商现在必须专门维护船上的资产清单，以提高其网络安全。本文讨论了船舶专用资产分析器的开发，该分析器不仅可以自动识别和记录设备，还可以以智能和用户友好的方式对其属性和特征进行深入分析。随着海事行业网络攻击的增加，对船舶系统进行适当的测试至关重要，以确保船舶保持安全，并将网络攻击的风险降至最低。桥梁环境的资产分析器可以作为分析设备的工具，帮助工作人员做出更快、更明智的决策，并且可以成为更广泛的审计框架的组成部分。本文介绍了一种船桥剖面仪(即BridgeInsight)，用于自动识别船桥上的所有设备，并使用生成的PDF报告提供有关它们的信息，该报告由图形和图表组成。为了做到这一点，它使用Random Forest分类器算法，它提供的信息将使审计员或渗透测试人员能够执行手动测试或自动审计，同时还提供工程师和水手可以使用的全面信息，以遵守法规。作为国际船级社协会新要求的一部分，船舶运营商现在必须专门维护船上的资产库存，以提高其网络安全。本文介绍了一种用于自动识别船桥上所有设备的船桥剖面仪(即BridgeInsight)。我们预计自动化资产检测和分类在未来的网络安全工作中会像渗透测试一样有更多的好处。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Maritime Technology and Research

自引率

0.00%

发文量